Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
csrf vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-25986
A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows malicious users to change the password of a user.
Monocms Monocms 1.0
8.8
CVSSv3
CVE-2015-5483
Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors...
Private Only Project Private Only 3.5.1
NA
CVE-2014-9401
Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and previous versions for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa...
Wp Limit Posts Automatically Project Wp Limit Posts Automatically
NA
CVE-2014-0745
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote malicious users to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.
Cisco Unified Contact Center Express Editor Software -
NA
CVE-2018-101643
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.
5.4
CVSSv3
CVE-2018-10165
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated malicious users to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality....
Tp-link Eap Controller 2.5.4
Tp-link Eap Controller 2.6.0
7.5
CVSSv3
CVE-2018-10167
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify t...
Tp-link Eap Controller 2.6.0
Tp-link Eap Controller 2.5.4
8.8
CVSSv3
CVE-2022-4700
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
8.8
CVSSv3
CVE-2022-4701
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permission...
Royal-elementor-addons Royal Elementor Addons
6.5
CVSSv3
CVE-2022-4702
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions,...
Royal-elementor-addons Royal Elementor Addons
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »